Thanks for choosing Orange County Computer, Inc.

Sales: (949) 522-7709 | Support: (949) 699-6619 | 8am – 5pm Monday – Friday : Saturday by Appointment

Orange County Computer INC.
  • Orange County IT Company
  • About Us
    • Blog
    • Location
    • Testimonials
    • Partners
    • Computer Repair Warranty
  • Contact Us
    • Customer Referral Program
  • Emergency Computer Repair in Orange County, CA
    • Orange County Desktop Repair Services
    • Orange County Laptop Repair Services
    • Virus Removal Services
    • Orange County IT Support
    • Data Recovery Services in Orange County, CA
    • E-Waste Recycling
    • Orange County Computer Disaster Recovery Services
  • Orange County Business IT Support
    • Wifi Solutions for Businesses in Orange County, CA
    • Professional Managed IT Services in Orange County
    • Orange County Software Licensing Solutions
    • Why Choose a Microsoft Partner
    • Software Application Development
  • Technologies
    • Orange County Data Storage Services
    • Orange County Data Backup and Recovery Services
    • Orange County Offsite Backup
    • Orange County Software Support Services
    • Orange County Network Virtualization Services
    • Firewall & Network Security in Orange County
    • Servers for Small Businesses in Orange County, CA
  • Web Services
    • Domain Registrar
    • Orange County Web Hosting Services
    • Orange County Web Design Services
  • Orange County IT Company
  • About Us
    • Blog
    • Location
    • Testimonials
    • Partners
    • Computer Repair Warranty
  • Contact Us
    • Customer Referral Program
  • Emergency Computer Repair in Orange County, CA
    • Orange County Desktop Repair Services
    • Orange County Laptop Repair Services
    • Virus Removal Services
    • Orange County IT Support
    • Data Recovery Services in Orange County, CA
    • E-Waste Recycling
    • Orange County Computer Disaster Recovery Services
  • Orange County Business IT Support
    • Wifi Solutions for Businesses in Orange County, CA
    • Professional Managed IT Services in Orange County
    • Orange County Software Licensing Solutions
    • Why Choose a Microsoft Partner
    • Software Application Development
  • Technologies
    • Orange County Data Storage Services
    • Orange County Data Backup and Recovery Services
    • Orange County Offsite Backup
    • Orange County Software Support Services
    • Orange County Network Virtualization Services
    • Firewall & Network Security in Orange County
    • Servers for Small Businesses in Orange County, CA
  • Web Services
    • Domain Registrar
    • Orange County Web Hosting Services
    • Orange County Web Design Services

Shellshock is a new security threat worse than Heartbleed

Orange County Computer INC. > About Us > Blog > OCC News > Shellshock is a new security threat worse than Heartbleed

Shellshock is a new security threat worse than Heartbleed

The Health Information Trust Alliance has issued warnings about Shellshock, a system vulnerability it says could cause much more damage than the infamous Heartbleed bug.

The HITRUST Cyber Threat Intelligence and Incident Coordination Center, known as the C3, announced this past week it has been tracking the remote code execution vulnerability, which it says can allow hackers to bypass commands and execute arbitrary code, leaving OS X and Linux machines open to attack.

“We base the assessment that Shellshock is a more serious vulnerability than Heartbleed due to the ability of potential perpetrators to use the exploit to craft malicious code that enables them to gain complete control of a compromised server,” write HITRUST officials in their dense and detailed threat report.

Heartbleed, of course, has been at least partly responsible for some serious damage to the healthcare industry. This past summer it was revealed that Chinese hackers were able to use the bug’s system vulnerabilities to access some 4.5 million patient records at Community Health Systems – the second largest PHI breach in healthcare history.

Shellshock, is the “worst we’ve seen in many years,” according to one security blogger.

“In retrospect, the grave concern over Heartbleed seems misplaced,” he writes. “As information disclosure bugs go it was a really bad one, but it was only an information disclosure bug and a difficult one to exploit. The sky’s the limit on attacks with Shellshock.”

Indeed, beyond exploiting the new Shellshock bug for DDoS attacks, “other malicious actors could use the exploit to gain unfettered access to a vulnerable server and conduct much more damaging operations – such as sabotaging corporate networks or collecting any information stored on the server, including intellectual property, personally identifiable information, or protected health information,” according to HITRUST.

As HITRUST works with the Department of Homeland Security to monitor the threat, it suggests that, “given increased cyber threat activity affecting healthcare organizations,” healthcare organizations should review their information security controls, “or if unable, then focus on those specifically related to cyber security.”

It offers resources for healthcare security professionals here.

On Sept. 23, HITRUST Chief Executive Officer Daniel Nutkis wrote to Health and Human Services Secretary Sylvia Mathews Burwell, offering an update on “the significant progress made” with regard to healthcare security — and also to spotlight efforts “currently underway to address the risks and implications” of cyber attacks.”

“Continued vigilance is required to protect sensitive healthcare data of American citizens,” he wrote.

As healthcare has recently come to recognize the imperative to protect against cyber crime, HITRUST “identified the need for collaboration among stakeholders, particularly leveraging the expertise of larger, more cyber-sophisticated organizations to assist less sophisticated players,” wrote Nutkis.

In response, HITRUST launched C3 to offer threat intelligence, incident response and other knowledge and strategies unique to the healthcare industry, according to the letter to HHS.

“The C3 facilitates the early identification of cyber-attacks and creation of best practices specific to the healthcare environment and maintains a conduit through the Department of Homeland Security to the broader cyber-intelligence community for analysis support and exchange of threat intelligence,” Nutkis wrote.

“The Center is also the first to track vulnerabilities related to medical devices and electronic health record systems,” he added, “which are both emerging areas of concern.”

If you feel that your system or network has been hacked or is at risk of attack contact the Cyber Security Experts at Orange County Computer® so we can minimize the damage. Call our Tech Center at (949) 699-6619 or visit us online at  OrangeCountyComputer.com. We are happy to help.

15-Year-Seal_Silver

Information originally obtained from  Heathcare IT News’s Mike Miliard.  View the story here.

← Dental Office Data Security
40 Apple iPhone 6 Plus and iPhone 6 tips and tricks →

Recent News

  • CISA Updates #StopRansomware Guide
  • Western Digital’s MyCloud Services Outage: Did You Lose File Access?
  • The Safeguards Rule: Financial Institutions Must Protect Client Data!
  • AdSense Fraud Campaign: Is your site infected?
  • Looking for a Windows 10 Download? You’re Out of Luck!

Contact Us

Orange County Computer, Inc.

26150 Enterprise Way, Suite 400
Lake Forest, CA 92630

Sales: (949) 522-7709

Support: (949) 699-6619

Recent Posts

  • CISA Updates #StopRansomware Guide

    To add perspective, stay relevant, and boost effectiveness, the Cybersecurity an...

  • Western Digital’s MyCloud Services Outage: Did You Lose File Access?

    Western Digital, a household name in digital storage, suffered a service disrupt...

Search

    • Home
    • Site Map
    • Remote Support